CVE-2017-11415

Name of the Vulnerable Software and Affected Versions Fiyo CMS version 2.0.7

Description The issue concerns SQL injection in a specific PHP file, sys article.php, located in the dapur/apps/app article directory. This SQL injection is possible via several POST parameters: parent id, desc, keys, and level.

Recommendations For Fiyo CMS version 2.0.7, consider restricting access to the vulnerable sys article.php file until a patch is available. As a temporary workaround, avoid using the parameters parent id, desc, keys, and level in the affected POST requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.